Secure the Net initiative found to be an overall failure for NSA – Federal Times

Posted: June 19, 2017 at 6:53 pm

A declassified report from the Defense Department Inspector General has been released, according to the New York Times.

The 60-page report commissioned by Congress assesses 7 of the 40 components that the National Security Agency outlined for their Secure the Net initiative. This initiative was put forth to help improve the security of sensitive systems after the Snowden disclosures in 2013.

The NSA, according to the inspector generals report, had some successes, but the overall initiative did not fully meet the intent of decreasing the risk of insider threats to NSA operations and the ability of insiders to exfiltrate data.

According to the Times, the report details how their efforts fell short, including the failure to reduce the number of privileged users who can access sensitive computer systems; their failure to consistently keep data center machine rooms secure, as well as failing to lock the server racks containing highly classified data; and the failure to fully implement software that would monitor users.

The report also noted the agencys failure to declare an exact number of people with abilities to transfer data. The lists containing this information were kept on spreadsheets that were corrupted and are no longer available.

The inspector generals report noted that NSA CIO Gregory Smithberger told the inspector general that the elimination of all insider risks and threats is not feasible. He told the Times, While the media leak events that led to Secure the Net (STN) were both unforeseen and serious, we consider the extensive progress we made in a short time to be a good news story.

The importance of securing classified information, as the report warns, was underscored the same month the inspector generals report was produced, according to the Times. In August 2016, a group called the Shadow Brokers obtained and auctioned off classified hacking tools allegedly from the NSA some of which were dumped online. Those tools were later seen as part of the global WannaCry ransomware attack.

We welcome the observations and opportunities for improvement offered by the U.S. Defense Departments Inspector General, Vanee Vines, spokesperson for the NSA told the Times. NSA has never stopped seeking and implementing ways to strengthen both security policies and internal controls.

See more here:
Secure the Net initiative found to be an overall failure for NSA - Federal Times

Related Posts